VulnerableCode Package Details - pkg:pypi/torch@2.8.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-dm2h-xssw-xqhb Aliases: CVE-2025-55554 PYSEC-2025-206	pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().	2.9.0 Affected by 0 other vulnerabilities.
VCID-jqpq-n5zb-2ydh Aliases: CVE-2025-55552 PYSEC-2025-204	pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.	2.9.0 Affected by 0 other vulnerabilities.
VCID-rr2u-g78b-yfev Aliases: CVE-2025-55551 PYSEC-2025-203	An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.	2.9.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-dm2h-xssw-xqhb
Aliases:
CVE-2025-55554
PYSEC-2025-206

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

2.9.0
Affected by 0 other vulnerabilities.

VCID-jqpq-n5zb-2ydh
Aliases:
CVE-2025-55552
PYSEC-2025-204

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

2.9.0
Affected by 0 other vulnerabilities.

VCID-rr2u-g78b-yfev
Aliases:
CVE-2025-55551
PYSEC-2025-203

An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

2.9.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-cwfe-teus-ykbj	PyTorch Improper Resource Shutdown or Release vulnerability A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue.	CVE-2025-3730 GHSA-887c-mr87-cxwp

Vulnerability

Summary

Aliases

VCID-cwfe-teus-ykbj

PyTorch Improper Resource Shutdown or Release vulnerability A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue.

CVE-2025-3730
GHSA-887c-mr87-cxwp

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T17:07:41.671451+00:00	GithubOSV Importer	Fixing	VCID-cwfe-teus-ykbj	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-887c-mr87-cxwp/GHSA-887c-mr87-cxwp.json	38.6.0
2026-06-04T16:23:50.145675+00:00	GitLab Importer	Fixing	VCID-cwfe-teus-ykbj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/torch/CVE-2025-3730.yml	38.6.0
2026-06-02T04:23:21.658069+00:00	Pypa Importer	Affected by	VCID-dm2h-xssw-xqhb	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-206.yaml	38.6.0
2026-06-02T04:23:21.267048+00:00	Pypa Importer	Affected by	VCID-jqpq-n5zb-2ydh	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-204.yaml	38.6.0
2026-06-02T04:23:21.068655+00:00	Pypa Importer	Affected by	VCID-rr2u-g78b-yfev	https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2025-203.yaml	38.6.0